Everything works, but as soon as I enable the modsecurity middleware I get a blank page. Any idea what I'm doing wrong? I'm publishing the sites over HTTPS and the entrypoints redirect HTTP to HTTPS; does this have something to do with it?
Any help or working example is welcome, thanks.
This is my current setup; the domains are fake.
### Traefik.yml static

```yaml
global:
  checkNewVersion: true
  sendAnonymousUsage: false

serversTransport:
  insecureSkipVerify: true # allow insecure backend connections

entryPoints: # Not used in apps, but redirect everything from HTTP to HTTPS
  http80:
    address: :80
    http:
      redirections:
        entryPoint:
          to: https443
          scheme: https
          permanent: true
  # HTTPS endpoint, with domain wildcard
  https443:
    address: :443
    #forwardedHeaders:
    #  trustedIPs: *trustedIps # Reuse list of Cloudflare Trusted IP's above for HTTPS requests
    http:
      tls:
        certResolver: letsencrypt
        domains:
          - main: testesttes.com.es
            sans:
              - '*.testesttes.com.es'
      middlewares:
        - securityHeaders@file

providers:
  providersThrottleDuration: 15s
  file:
    filename: /etc/traefik/fileConfig.yml
    watch: true
  # Docker provider for connecting all apps that are inside of the docker network
  docker:
    watch: true
    network: br2 # Add Your Docker Network Name Here
    # Default host rule to containername.domain.example
    defaultRule: "Host(`{{ index .Labels \"com.docker.compose.service\"}}.testesttes.com.es`)"
    swarmModeRefreshSeconds: 15s
    exposedByDefault: false
    endpoint: "tcp://socketproxy:2375"

# Enable traefik ui
api:
  dashboard: true
  insecure: false

# Log level INFO|DEBUG|ERROR
log:
  level: INFO # (Default: error) DEBUG, INFO, WARN, ERROR, FATAL, PANIC
  filePath: "/etc/traefik/logs/traefik.log"

accesslog:
  filePath: "/etc/traefik/logs/access.log"
  bufferingSize: 100
  filters:
    statusCodes:
      - "204-299"
      - "400-499"
      - "500-599"

# Use letsencrypt to generate ssl certificates
certificatesResolvers:
  letsencrypt:
    acme:
      email: server@server.com
      storage: /etc/traefik/acme.json
      dnsChallenge:
        provider: cloudflare
        # Used to make sure the dns challenge is propagated to the right dns servers
        resolvers:
          - "1.1.1.1:53"
          - "1.0.0.1:53"
        delayBeforeCheck: 90

# Traefik plugins
experimental:
  plugins:
    crowdsec-bouncer-traefik-plugin:
      moduleName: "github.com/maxlerebourg/crowdsec-bouncer-traefik-plugin"
      version: "v1.1.12"
    traefik-modsecurity-plugin:
      moduleName: "github.com/acouvreur/traefik-modsecurity-plugin"
      version: "v1.3.0"
```
### this is fileconfig.yml / Dynamic

```yaml
http:
  # Home Assistant
  routers:
    homeassistant:
      entryPoints:
        - https443
      rule: 'Host(`ha.dasdassdaadsdas.com.es`)'
      service: homeassistant
      middlewares:
        - traefik-ha-csbouncer
        - traefik-modsecurity

  services:
    homeassistant:
      loadBalancer:
        servers:
          - url: http://10.10.10.100:8123/

  ## MIDDLEWARES ##
  middlewares:
    traefik-ha-csbouncer:
      plugin:
        crowdsec-bouncer-traefik-plugin:
          enabled: true
          logLevel: INFO
          updateIntervalSeconds: 30 # stream mode only
          #defaultDecisionSeconds: 60 # live mode only
          crowdsecMode: stream
          # A space is required before '#': without it YAML keeps the comment as part of the key value
          crowdsecLapiKey: asdasdasdasdasdasdasdasda # Api key for 'traefik-ha'
          crowdsecLapiHost: 10.10.50.11:8080
          crowdsecLapiScheme: http
          crowdsecLapiTLSInsecureVerify: false
          #forwardedHeadersTrustedIPs: # List of IPs of trusted Proxies that are in front of traefik (ex: Cloudflare)
          clientTrustedIPs:
            - 10.10.10.1/24
          forwardedHeadersCustomName: X-Forwarded-For
          redisCacheEnabled: true
          redisCacheHost: redis-cs:6379
          redisCachePassword: asdasdasdasdasdasdasdas
          redisCacheDatabase: 1

    traefik-modsecurity:
      plugin:
        traefik-modsecurity-plugin:
          #MaxBodySize: "52428800"
          ModsecurityUrl: http://modsecurity:80
          TimeoutMillis: "2000"

    # Security headers
    securityHeaders:
      headers:
        customResponseHeaders:
          X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex"
          server: ""
          X-Forwarded-Proto: "https"
        sslProxyHeaders:
          X-Forwarded-Proto: "https"
        referrerPolicy: "strict-origin-when-cross-origin"
        hostsProxyHeaders:
          - "X-Forwarded-Host"
        customRequestHeaders:
          X-Forwarded-Proto: "https"
        frameDeny: true # Set frameDeny to true to add the X-Frame-Options header with the value of DENY.
        contentTypeNosniff: true # Set contentTypeNosniff to true to add the X-Content-Type-Options header with the value nosniff.
        browserXssFilter: true
        forceSTSHeader: true
        stsIncludeSubdomains: true
        stsSeconds: 63072000
        stsPreload: true

# Only use secure ciphers - https://ssl-config.mozilla.org/#server=traefik&version=2.6.0&config=intermediate&guideline=5.6
tls:
  options:
    default:
      minVersion: VersionTLS12
      cipherSuites:
        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
```
I have read the docs from this project and https://github.com/coreruleset/modsecurity-crs-docker/tree/master
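The dynamic config above has a YAML pitfall worth checking before chasing the middleware: a `#` glued to a plain scalar (`crowdsecLapiKey: value# Api key ...`) is not a comment, so the whole tail becomes the value Traefik hands to the plugin. The lint below is an added example, not code from the issue or from either plugin; it scans a dynamic config for glued comments and does a basic sanity check on the `ModsecurityUrl` / `TimeoutMillis` fields as named in this issue, using a constructed sample with placeholder values.

```python
import re
from typing import List, Tuple

# Constructed sample mirroring the shape of the posted fileConfig.yml (placeholder values).
SAMPLE_DYNAMIC_CONFIG = """\
http:
  middlewares:
    traefik-ha-csbouncer:
      plugin:
        crowdsec-bouncer-traefik-plugin:
          crowdsecLapiKey: asdasdasdasdasdasdasdasda# Api key for 'traefik-ha'
          crowdsecLapiHost: 10.10.50.11:8080
    traefik-modsecurity:
      plugin:
        traefik-modsecurity-plugin:
          ModsecurityUrl: http://modsecurity:80
          TimeoutMillis: "2000"
"""

# YAML only treats '#' as a comment marker when preceded by whitespace (or at line start).
# A plain (unquoted) scalar followed directly by '#' therefore swallows the "comment".
GLUED_COMMENT = re.compile(r"^\s*([A-Za-z0-9_.-]+):\s*([^\s'\"#][^#\s]*)#(.*)$")


def find_glued_comments(yaml_text: str) -> List[Tuple[int, str, str]]:
    """Return (line_no, key, value_as_yaml_reads_it) for each plain scalar with a '#'
    glued to it, i.e. a comment that YAML will NOT strip from the value."""
    hits = []
    for n, line in enumerate(yaml_text.splitlines(), start=1):
        m = GLUED_COMMENT.match(line)
        if m:
            key, value, tail = m.groups()
            hits.append((n, key, f"{value}#{tail}"))
    return hits


def check_modsecurity_settings(yaml_text: str) -> List[str]:
    """Sanity-check the traefik-modsecurity-plugin fields used in the issue:
    ModsecurityUrl must be an absolute http(s) URL and TimeoutMillis an integer."""
    problems = []
    url = re.search(r"ModsecurityUrl:\s*[\"']?([^\s\"']+)", yaml_text)
    if not url or not re.match(r"^https?://\S+$", url.group(1)):
        problems.append("ModsecurityUrl missing or not an absolute http(s) URL")
    if not re.search(r"TimeoutMillis:\s*[\"']?(\d+)[\"']?", yaml_text):
        problems.append("TimeoutMillis missing or not an integer")
    return problems
```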